 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Noobrzor
Advanced Cheater
![]() Reputation: 0
Joined: 19 May 2014
Posts: 74
|
 Posted: Mon May 02, 2016 2:28 pm Post subject: Filtering addresses from a multipurpose function/code |
 |
|
Greetings
Some games have very convenient functions that can be utilized. Example is a direct 'sub [eax+10],#1' in regards to ammo, or some function like 'mov eax,[ecx+10]' which accesses only one or select few addresses, all relevant. Say you got a game with 6 ammo types, and that one single code accesses these 6, and only these. No problems there.
What I have a great problem with this multipurpose code. It might be called differently, but that's what I describe right now. I lack any proper courses passed in regards to this.
Say this "mov eax,[ecx+10]" is the only code available, and which accesses (doesn't write to, accesses values for display or something) a lot of addresses.
For example, it reads the amount of every stackable item in inventory. And let's just say that's the only code we have that only reads from the address, doesn't write to it, and is in effect constantly, not just when we shoot/use/drop/whatever in regards to inventory (as for example sub [eax],ecx would work).
Let's say we want an ammo cheat. Currently in our inventory there are 3 medkits, 20 .38 bullets, 20 .45 bullets, and 4 pieces of rubbish. And this code, when we 'Find out what addresses this instruction accesses' we find out that all 4 of them show up.
The problem is we want to filter these. So when we'll write an AA script we will have a separated pool. I often do this like:
| Code: | cmp [esp+10],Game.exe+FF443
je hack
jne nohack
hack:
mov [ecx+10],#99
mov eax,[ecx+10]
jmp return
nohack:
mov eax,[ecx+10]
jmp return |
I've been going out of my way to discover ways to filter. The shown up above 'Game.exe+FF443' way of finding Secondary values from Stackview is the most common one. I always do it. But sometimes it's not enough.
And there are no other codes. Well, there is one more that writes, but the same problem is there. And I can't find pointers, even with Pointerscan searching for 10 levels.
The problem is that very often when I was debugging my cheat, I'd find that instead of two addresses for ammo that I could, for example, want, a whole bunch of crazy valued ones show up, or those that are plain 0'es, and these are affected by my cheat as well. That often happened when loading a savegame or changing a level. Also getting confused with the above filter example. And suddenly weird stuff happens, because I'm setting value to #99 of things that shouldn't be set.
So I know only the cmp of some secondary values of stackviews, filtering based on the range of amount there is (say if addressValue > 50 and < 9999 then executeCheat), setting many layered compares, plus pointers and other codes (like 5 different codes that access the same address, but one code accesses only this what I want and 4 others access a whole bunch).
How else can you filter? I searched for guides, tutorials, but I don't find anything. I've been fooling around with breakpoints and tracing for the first time today but I hadn't came up with anything.
Any help is appreciated.
Best Regards
|
|
| Back to top |
|
 |
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon May 02, 2016 2:37 pm Post subject: |
|
|
Complete the last step of the CE tutorial that covers data structure dissection. Also...
| ++METHOS wrote: | There are other things that you can try.
- You can use a pointer address for your filter, inside of your script, for the value that you are trying to manipulate.
- You can use pointer trees inside of the data structure to find something viable.
- You can shift the data structure (+ or -) and/or expand its size to find something useful.
- You can use the structure spider to find workable strings and/or for comparative analysis.
- You can check the register values by attaching the debugger or setting a breakpoint to see if something can be used for your filter.
- You can check to see if there are any instructions that are exclusive to the address/value that you are trying to manipulate and store the address for your filter by creating a second injection point.
- You can check to see if there are any instructions that are exclusive to any other address/value inside of the data structure for the address/value that you are trying to manipulate and store the address for your filter by creating a second injection point.
- You can analyze assembly code to see if an identifier is being checked or assigned somewhere.
- Et al.
|
|
|
| Back to top |
|
|
Noobrzor
Advanced Cheater
![]() Reputation: 0
Joined: 19 May 2014
Posts: 74
|
| Posted: Mon May 02, 2016 3:52 pm Post subject: |
|
|
Right, right, I forgot to mention. I also know the data dissection and utilizing surroundings of the data. I.e. hp is eax and maxHP is eax+4 mana is eax+8 maxmana is eax+c and so on.
I also have little luck with the method. Few times, it worked as well, but other times (like the inventory thing) nope. Many of them are too vague, strange, or inconsequential to be relayed just to the singular thing I want. Especially in games where pointers for, say, ammo values are set but only for different maps/levels.
I had completed the whole tutorial, just in case.
I'll think upon your advice now.
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon May 02, 2016 4:56 pm Post subject: |
|
|
| A familiarity with data structures will help with some of the aforementioned methods. If you have any questions, just ask.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
